diff --git a/main.tf b/main.tf
index 61376fd..2b70851 100644
--- a/main.tf
+++ b/main.tf
@@ -102,4 +102,15 @@ resource "google_organization_iam_member" "organization_viewer" {
 resource "google_service_account_key" "keys" {
 for_each = var.generate_keys ? local.names : toset([])
 service_account_id = google_service_account.service_accounts[each.value].email
+ keepers = {
+ rotation_time = var.key_rotation_days == null ? null : time_rotating.key_rotation["key_rotation_days"].rotation_rfc3339
+ }
+
+}
+
+resource "time_rotating" "key_rotation" {
+ for_each = var.key_rotation_days == null ? {} : {
+ "key_rotation_days" = var.key_rotation_days
+ }
+ rotation_days = var.key_rotation_days
 }
diff --git a/variables.tf b/variables.tf
index 484d229..1150f1e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -84,3 +84,9 @@ variable "descriptions" {
 description = "List of descriptions for the created service accounts (elements default to the value of `description`)"
 default = []
 }
+
+variable "key_rotation_days" {
+ type = number
+ description = "Number of days after which the service account key is rotated"
+ default = null
+}
diff --git a/versions.tf b/versions.tf
index 87069f6..2b30552 100644
--- a/versions.tf
+++ b/versions.tf
@@ -22,6 +22,10 @@ terraform {
 source = "hashicorp/google"
 version = ">= 3.53, < 7"
 }
+ time = {
+ source = "hashicorp/time"
+ version = "~> 0.12"
+ }
 }
 provider_meta "google" {
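Review bot: A `keepers` change on `google_service_account_key.keys` replaces the key destroy-first, so between the old key's deletion and the new private key being handed to its consumers every workload using that key is locked out; adding `lifecycle { create_before_destroy = true }` to the `keys` resource should let the new key exist before the old one is revoked, since key IDs are server-generated and cannot collide. Rotation is only enacted on a `terraform apply` run after `time_rotating.key_rotation` passes its deadline, and changing `var.key_rotation_days` replaces the `time_rotating` resource and therefore rotates the key on the next apply regardless of elapsed time — both deserve a comment on the `rotation_time` keeper, e.g. `# Bumping this timestamp forces a new key; rotation happens on the first apply after the deadline`. The fresh private key is still written to state on every rotation, so retired keys remain readable in prior state versions; that predates this change but is what the rotation is meant to limit. The stray blank line before the closing brace of `keys` can be dropped.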
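Review bot: `key_rotation_days` accepts any number, including 0, negatives and fractions, but `time_rotating.rotation_days` needs a positive whole number; a 0 would make the key churn on every apply and a fraction fails only at plan time with a provider error rather than a clear message. A `validation` block on the variable catches this at the module boundary (the conditional form is used so the `null` default is not compared numerically). The description should also say that rotation happens only when `terraform apply` runs after the deadline and that changing the value triggers a rotation, since callers will otherwise assume the key rotates unattended.
```terraform
variable "key_rotation_days" {
  type        = number
  description = "Number of days after which the service account key is rotated on the next apply; changing this value also forces a rotation"
  default     = null
  validation {
    condition     = var.key_rotation_days == null ? true : (var.key_rotation_days > 0 && floor(var.key_rotation_days) == var.key_rotation_days)
    error_message = "key_rotation_days must be null or a positive whole number of days."
  }
}
```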